Description

Image table's img_sha1 file is used to look for duplicate files at upload time. While known SHA-1 attacks can't be used to create a duplicate of an existing file, they can be used to create pairs or sets of files which will cause confusion, leading to recommendation to use SHA-256 instead.

Recommend:

add img_sha256 and related fields

populate hashes of old entries

adjust suitable internal and external APIs to take SHA-256 hashes as well as SHA-1 hashes